University Technology

Java Vulnerability Information

Posted January 25, 2013

On January 10, 2013, security professionals reported that an unpatched vulnerability in Java software exposed Windows, Macintosh, and Linux computers to malware infections simply from browsing the Web. Although Oracle patched critical Java vulnerabilities, the U.S. Computer Emergency Readiness Team (US-CERT) continues urging users to disable Java browser plug-ins due to the number and severity of this and prior Java vulnerabilities.

What Is Java?

The Oracle Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Java is installed on approximately 66% of all computers, although very few websites rely on the features it provides.

Why Should I Be Concerned?

This most recent exploit enables automatic malware downloads, meaning that users do not have to click a malicious link to get their computers infected. Simply using a vulnerable version of Java is sufficient to compromise a computer.

Additional Resources

What Should I Do?

Don't Need Java? Disable It.
Need Java? Update It.